SUSE Releases Critical Kernel Live Patch to Fix High-Severity NFSv4 Vulnerability

SUSE has rolled out a critical SUSE Linux Enterprise Kernel update to address multiple high-severity vulnerabilities, including a dangerous heap overflow flaw. This live patch, officially designated as SUSE-SU-2026:2610-1, is essential for system administrators and DevOps teams managing infrastructure on kernel version 6.4.0-150600.23.50. By applying this update, enterprise environments can immediately mitigate the risks of remote code execution and system instability without requiring a disruptive server reboot.

The security advisory highlights a total of seven distinct flaws affecting network filtering, file systems, and packet scheduling. Because these vulnerabilities reside deep within the kernel's core networking and file-sharing protocols, unpatched systems remain highly susceptible to targeted exploitation.

The SUSE Linux Enterprise Kernel update resolves the following specific security and stability issues, ensuring safer data handling across enterprise networks:

• CVE-2026-23278: Fixes an issue in the netfilter: nf_tables component, ensuring the system always walks all pending catchall elements to prevent logic bypasses.
• CVE-2026-31402: Addresses a critical heap overflow vulnerability in the NFSv4.0 LOCK replay cache, which could allow attackers to corrupt memory.
• CVE-2026-31504: Resolves a use-after-free (UAF) flaw in the packet_release() function triggered via a NETDEV_UP race condition.
• CVE-2026-31694: Prevents the fuse file system from accepting oversized directory entries (dirents) in the page cache.
• CVE-2026-43503: Implements the final stability fixes related to the dirty.frag memory management process.
• CVE-2026-46323: Ensures the net: gro subsystem does not improperly merge zcopy skbs (socket buffers).
• Non-CVE Fix: Corrects a net/sched issue involving a pedit partial Copy-On-Write (COW) operation that was improperly leading to the page cache.

Because this is a Live Patch, system administrators can secure their environments without scheduling downtime. To install this SUSE update using the universally standard package manager, execute the following commands in your terminal:

sudo zypper refresh
sudo zypper patch

After the patch process completes, verify that the live patch has been successfully applied to kernel version 6.4.0-150600.23.50 using the klp -v command.

The most alarming aspect of this SUSE Linux Enterprise Kernel update is the severe rating discrepancy surrounding CVE-2026-31402. While SUSE internally rates this NFSv4.0 heap overflow at an 8.2 (High) on the CVSS 3.1 scale, the National Vulnerability Database (NVD) assigns it a maximum 9.8 (Critical). This gap often occurs because vendor-specific kernel configurations might mitigate some theoretical attack vectors, but administrators should always treat a 9.8 NVD score as a "patch immediately" scenario.

The fact that SUSE is delivering this fix via a Live Patch is a massive operational advantage. Historically, patching a core file-sharing protocol like NFS required taking critical databases and storage arrays offline. By allowing enterprises to hot-swap the vulnerable code in memory, SUSE proves that modern Linux infrastructure can handle critical security interventions without sacrificing high availability.